Voice virtual private network

ABSTRACT

Embodiments of the present invention include a Voice Virtual Private Network (Voice VPN) and methods for providing access to remote peer users across same. In one embodiment, voice and communication services of one or more corporate network are provided to remote user terminals across a Voice VPN Gateway. The level and type of access to voice and communication services provided can be determined statically, dynamically, or adaptively based on user data or user habits or history.

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent application is a continuation of co-pending U.S. patentapplication entitled “Voice Virtual Private Network”, Ser. No.11/105,043, filed on Apr. 12, 2005.

BACKGROUND OF THE INVENTION

1. Field

This invention relates generally to telecommunications, morespecifically, to a Voice Virtual Private Network (Voice VPN) to providesecure access to corporate voice and communications functionalities forcorporate users.

2. Related Art

The era of Private Branch Exchange (PBX) arrived in 1976 when AT&Tintroduced its System 75 all digital switch for business. In a fewyears, PBXs quickly replaced WATS and Centrex as the voicecommunications of choice for corporations, improving business efficiencyand productivity. In the ensuing years, PBX remains the flagship, andperhaps the only infrastructure with which corporate voicecommunications are provided. During this time, emerging technologies,particularly the 800-number service and Call Center have enhanced thecapabilities of PBX, extending its reach, and creating new businessopportunities.

After three decades of dominance in the corporate world however, asignificant transformation of the corporate voice communications is nowtaking place. The emergence of various access methods, for example,cellular wireless, WiFi, and cordless phones, have given users themobility they never had before. This newfound convenience hasirreversibly changed the work style of corporate users.

The proliferation of the Internet and the deployment of CustomerRelationship Management (CRM) solutions have greatly reduced the role oftraditional Call Center as corporate users and customers can readilyretrieve information, secure or otherwise, through the Web interface. Onthe other hand, such technologies have also improved productivity andshaped corporate user expectations. Similarly, the maturing Voice overIP (VoIP) and other IP information technologies open up a uniqueopportunity for rich, real-time and multi-media communications,legitimately challenging the status quo of PBXs in their current form.

Despite this inevitable transition, however, the principal use of voicecommunications in the corporate businesses sector remains unchanged.Traditional PBXs are undergoing progressive evolution to integrate withVoIP, WiFi, Corporate Directory, among other functions. At the sametime, emerging IP-based communications services such as email andInstant Messaging are extending to include audio and voice capabilities.These enhancements however, are limited to corporate users who arewithin the realm of the corporate networks. Secure and ubiquitousextension of these services to remote corporate users is eitherimpossible or infeasible because the supporting infrastructures orapparatus simply do not exist.

Some of the issues solved by the present invention are best illustratedby examples. In one scenario, a salesperson, while working with acustomer, needs to reach a technical department for information. Withoutaccess to the corporate directory, he decides to call a colleague in thesales department, and asks her to transfer the call. After a successfulcall transfer however, the engineer who receives the call has noreliable way to authenticate the caller and therefore may not feelcomfortable disclosing the sensitive or proprietary information neededby the salesperson to make the sale.

In another scenario, an executive, traveling to Asia, will need to joina scheduled teleconference at 9 pm Pacific time being hosted on a U.S.corporate PBX telephone system. Prior to departure from the U.S., theexecutive would need to collect all the needed information, such asconference time, PIN code, phone number, etc. The executive will alsoneed to look-up the International Direct Dial number, the United StatesCountry code, and/or other country specific access numbers unique to thelocal dialing plan. In addition to complexity of making the telephonecall to join the teleconference, the billing and possible reimbursementcan also be complicated. When the executive returns from the businesstrip, the telephony usage during the trip will have to be reported,recorded and processed separately.

In another scenario, a telecommuter working from home needs the full setof corporate voice and communication services to do his work. Currentsolutions typically include proprietary phone and software at home andcomplementary gateway equipment and software at the corporate site. Suchsolutions often require extensive development and support and areprobably not feasible for massive deployment.

In yet one other scenario, a traveling salesman is working in a coffeeshop that provides WiFi Internet service. His cell phone is out of thecoverage area of a compatible cellular service. While he can establish adata connection from his PC to the corporate VPN over the Internet toretrieve company information, he is unable to reach the corporate voiceservice.

The above examples illustrate a need for a fundamentally new corporateinfrastructure or apparatus to support a secure and ubiquitous access tocorporate voice and communication services for corporate users, andhence a need for a method for a Voice VPN.

BRIEF SUMMARY OF THE INVENTION

Embodiments of the present invention include methods for setting up,accessing and terminating services of a Voice VPN. In one embodiment,the present invention includes a Voice VPN Gateway that acts as theinterface between a Corporate User Terminal and Corporate Voice andCommunication Service Servers for providing voice and communicationservices to a corporate user.

In one embodiment, the Voice VPN provides remote corporate users withfull or partial access to corporate voice and communication servicessuch as making and accepting telephone calls, and accessing corporatetelephones directories.

In another embodiment, the Voice VPN can facilitate calls and otherservices between remote peer parties who can be corporate voice serviceusers inside the realm of the corporate voice network, other Voice VPNusers, users connected to the corporate network via other networks suchas PSTN or any combination thereof.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE FIGURES

FIG. 1 is a diagram illustrating a Voice Virtual Private Network Gatewaysystem according to one embodiment of the present invention.

FIG. 2 is a diagram illustrating a method for accessing a corporateVoice Virtual Private Network according to one embodiment of the presentinvention.

FIG. 3 is a diagram illustrating a method for terminating access to acorporate Voice Virtual Private Network according to one embodiment ofthe present invention.

FIG. 4 is a diagram illustrating a method for activating corporate phoneservices according to one embodiment of the present invention.

FIG. 5 is a diagram illustrating a method for terminating corporatephone services according to one embodiment of the present invention.

FIG. 6 is a diagram illustrating a method for placing a phone callaccording to one embodiment of the present invention.

FIG. 7 is a diagram illustrating a method for receiving a phone callaccording to one embodiment of the present invention.

FIG. 8 is a diagram illustrating a method for a corporate user to drop aphone call according to one embodiment of the present invention.

FIG. 9 is a diagram illustrating a method for a remote peer user to dropa phone call according to one embodiment of the present invention.

FIG. 10 is a diagram illustrating a method for retrieving a corporatephone directory according to one embodiment of the present invention

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 is Voice Virtual Private Network (Voice VPN) Gateway. A Voice VPNGateway facilitates access to a corporate Voice VPN. A Voice VPNprovides corporate users ubiquitous and secure access to corporate voiceand communication services. With a Voice VPN corporate users can accesscorporate voice and communication services through a variety accessnetworks. A Voice VPN Gateway is the interface between user terminalssuch as phones and Corporate Voice and Communication Service Servers,such as a corporate telephone system. The present invention is a systemand method for a Voice VPN.

FIG. 1 illustrates a Voice VPN Gateway. Voice VPN Gateway 100 has threemodules—a Voice VPN Activator 110, a Voice VPN Signaling Mediator 130and a Voice VPN Session Mediator 150. User Terminal 180 interacts withthe Voice VPN Activator 110 over Voice VPN Activation Interface 101.

Corporate users access the corporate Voice VPN using a User Terminal180. User Terminal 180 uses the Voice VPN Activation Interface 101 torequest access to corporate Voice VPN, and to request one or morecorporate voice and communication services.

In one embodiment, Voice VPN Activation Interface 101 is based onInternet Protocol.

In one embodiment, Voice VPN Activation Interface 101 is based on Webtechnologies including, but not limited to, HTTP, Web Services, Java.

In one embodiment, Voice VPN Activation Interface 101 is based on aclient-server protocol. User Terminal 180 is a client sending requeststo the server that is Voice VPN Activator 110.

In one embodiment, the access network is a public telephony network suchas Public Switched Telephone Network (PSTN) or Voice over IP Telephonenetwork (VoIP).

In one embodiment, Voice VPN Signaling Interface 103 for the corporatephone service is based on Web technologies.

In one embodiment, Voice VPN Signaling Interface 103 is based on SIPtechnology. In such an embodiment, User Terminal 180 includes a SIP useragent, whereas Voice VPN Signaling Mediator 130 includes a SIP proxy ora SIP server.

In one embodiment, Voice VPN Signaling Interface 103 is based on H.323technology.

In one embodiment, the access network is the Internet.

In one embodiment, the access network is a private network such as acorporate virtual private network, or an extranet between the corporatenetwork and other partner corporate networks.

In one embodiment, the access network is inside the corporate networkwhere the corporate user is in a remote office.

In one embodiment, the corporate policy requires security control overthe use of corporate voice and communication services with a desktopphone.

To use a corporate voice and communication service, User Terminal 180interacts with Voice VPN Signaling Mediator 130 over the Voice VPNSignaling Interface 103 and Voice VPN Session Mediator 150 over VoiceVPN Session Mediator Interface 105.

In one embodiment, User Terminal 180 uses Voice VPN Signaling Interface103 to set up a corporate voice and communication service session.

In one embodiment, a corporate voice and communication service is thecorporate phone service.

In one embodiment, Voice VPN Signaling Interface 103 is based onInternet Protocol.

In one embodiment, Voice VPN Signaling Mediator 130 is software residingin the User Terminal 180, and Voice VPN Signaling Interface 103 is aninternal programming interface such as a function call or aninter-method call (IPC).

After a corporate voice and communication service session isestablished, User Terminal 180 conducts the service session over theVoice VPN Session Mediator Interface 105.

In one embodiment, the format of the service session content depends onthe corporate voice and communication service.

In one embodiment, the service session is secure.

In one embodiment, a corporate voice and communication service is thecorporate phone service.

In FIG. 1, Voice VPN Gateway 100 communicates with Corporate Voice andCommunication Service Servers 190 on behalf of the corporate userthroughout a Voice VPN session of the corporate user. Thus, CorporateVoice and Communication Service Servers 190 consider the corporate useras if the corporate user is accessing the corporate voice andcommunication services from within the corporate network. In order toact on behalf of the corporate user, the Voice VPN Gateway 100 mediatesthe communication between the User Terminal 180 and the Corporate Voiceand Communication Service Servers 190. Voice VPN Activator 110 interactswith Corporate Voice and Communication Service Servers 190 overCorporate Voice and Communication Service Activation Interface 191 toperform user authentication for accessing corporate voice andcommunication services.

In one embodiment, Corporate Voice and Communication Service Servers 190do not require additional authentication.

In one embodiment, Voice VPN Signaling Mediator 130 interacts withCorporate Voice and Communication Service Servers 190 over CorporateVoice and Communication Service Signaling Interface 193 for servicespecific signaling procedures. Voice VPN Session Mediator 150establishes a corporate voice and communication service session with thepeer over the Corporate Voice and Communication Service SessionInterface 195.

In one embodiment, the corporate voice and communication service sessionis specific to the corporate voice and communication service.

In one embodiment, the corporate voice and communication service sessionis between Voice VPN Session Mediator 150 and Corporate Voice andCommunication Service Servers 190.

In another embodiment, the corporate voice and communication servicesession is between Voice VPN Session Mediator 150 and the user terminalof the peer.

In one embodiment, Voice VPN Session Mediator Interface 105 for thecorporate phone service is based on voice over packet technology. Voicesignals are sampled, digitized and put into IP packets.

In one embodiment, the voice over packet technology is similar to Voiceover IP technology.

In one embodiment, the voice packets are transferred using Real TimeTransport Protocol (RTP).

In one embodiment, a streaming protocol such as Real Time StreamingProtocol (RTSP) is used.

In one embodiment, the voice packets are transferred using any streamingor real time transport protocols.

In one embodiment Voice VPN Session Mediator Interface 105 includes aplurality of network attributes such as security, quality of services,jitter and network delay attributes.

In one embodiment, the voice packets are encrypted.

In one embodiment, the voice packets are transmitted with the highestpriority.

In one embodiment, the voice packets are transmitted within a maximumend-to-end 35 millisecond delay.

When corporate phone services are needed, a corporate user can instructUser Terminal 180 to request the corporate phone service from Voice VPNActivator 110.

In one embodiment Voice VPN Activation Interface 101 is based on Webtechnology. User Terminal 180 includes a Web browser and Voice VPNActivator 110 provides a Web page for User Terminal 180 to submit therequest for the corporate phone service.

In one embodiment, User Terminal 180 sends the request based on aclient-server protocol model. Voice VPN Activator 110 determines thecorporate user phone service information.

In one embodiment, the corporate user phone service information includescorporate user identity data for the corporate phone service.

In one embodiment, the corporate user phone service information includesthe capabilities of User Terminal 180.

In one embodiment, the capabilities of User Terminal 180 include thecodec capability, the security attributes, and the network transportcapability such as quality of services.

In one embodiment, User Terminal 180 transmits the corporate user phoneservice information to Voice VPN Activator 110.

In one embodiment, Voice VPN Activator 110 retrieves the corporate userphone service information from Data Store 120. Voice VPN Activator 110sends the corporate user phone service information to Voice VPNSignaling Mediator 130. Voice VPN Signaling Mediator 130 registers withCorporate Phone Service Server 190. Voice VPN Signaling Mediator 130transmits a part or all of the corporate user phone service informationto Corporate Phone Service Server 190 to activate the corporate phoneservice for the corporate user. Voice VPN Signaling Mediator 130indicates to Voice VPN Activator 110 of the successful registration ofthe corporate phone service. Voice VPN Activator 110 subsequentlyresponds to User Terminal 180 of a successful activation of thecorporate phone service. The corporate user can start using thecorporate phone service.

A corporate user can request a complete set or a partial set of phoneservice features. In one embodiment, a corporate user can request a setof phone service features such as making a phone call, receiving a phonecall, and other corporate phone service features.

In one embodiment, a corporate user can request phone calling serviceonly, in which case incoming calls are not routed to the corporate user.

In one embodiment, the corporate user can request phone call receivingservice only that delivers calls to User Terminal 180. In such anembodiment, the corporate user cannot make a call with the corporatephone service.

FIG. 2 illustrates a method for requesting access to the corporate VoiceVPN. User Terminal 280 sends a request to Voice VPN Activator 210. VoiceVPN activator queries Data Store 220 for user authentication data andvalidates user authentication with Corporate Voice and CommunicationService Servers 290.

In one embodiment User Terminal 280 provides the corporate user identityand a password. Voice VPN Activator 210 compares the corporate useridentity and the password with the information in the Data Store 220.

In one embodiment, Voice VPN Activator 210 checks with ExternalAuthentication Validator 270 to validate the corporate user identity andthe password.

In one embodiment, after validating a corporate user, Voice VPNActivator 210 requests user authentication with Corporate Voice andCommunication Service Servers 290.

In one embodiment, Corporate Voice and Communication Service Servers 290may require additional corporate user information. Voice VPN Activator210 sends prompts to User Terminal 280 for necessary information.

In one embodiment, Corporate Voice and Communication Service Servers 290do not require additional information.

In one embodiment, it is not necessary to perform user authenticationfor the Corporate Voice and Communication Service Servers 290. In such acase, the Voice VPN Activator 210 does not interact with the CorporateVoice and Communication Service Servers 290. After validating allnecessary user authentications, Voice VPN Activator 210 respondspositively to User Terminal 280. The corporate user is thus allowedaccess the corporate Voice VPN.

In one embodiment, Voice VPN Activator 210 notifies Corporate Voice andCommunication Service Servers 290 that the corporate user terminates theaccess to any corporate voice and communication services.

In the embodiment where Voice VPN Activator 210 receives a terminationrequest from User Terminal 280, Voice VPN Activator 210 responds to UserTerminal 280 of a successful termination of the access to the corporateVoice VPN.

In FIG. 2, during the process of validating the corporate user'sauthentication, Voice VPN Activator 210 determines a plurality ofcorporate voice and communication services that are allowed for thecorporate user.

In one embodiment, the allowed corporate voice and communicationservices are determined based on the corporate position or corporaterole of the corporate user.

In one embodiment, the allowed corporate voice and communicationservices are determined based on the time of the day.

In one embodiment, the allowed corporate voice and communicationservices are determined based on the user's subscription of corporatevoice and communication services.

In one embodiment, corporate voice and communication services areactivated automatically according to a schedule. The allowed corporatevoice and communication services will include the scheduled serviceswhen the corporate user accesses the Voice VPN at the appropriate time.

In one embodiment, the allowed corporate voice and communicationservices are determined based on a combination of criteria including theprevious embodiments.

In one embodiment, the allowed corporate voice and communicationservices are determined based a particular corporate user's past usehabits. Using artificial intelligence principles, it is possible to makethe set of allowed and available voice and communications servicesdependent on adaptive logic including, but not limited to, various formsof fuzzy logic or Bayesian analysis. In this way a corporate user canadaptively be assigned a set of voice and communications services or beprompted to request services from a set of recently or most likelyneeded voice and communication services.

Upon determining the plurality of corporate voice and communicationservices, and confirming the corporate user's authentication, Voice VPNActivator 210 informs User Terminal 280 of the accessible corporatevoice and communication services.

FIG. 3 illustrates a method for terminating access to corporate VoiceVPN. User Terminal 380 requests Voice VPN Activator 310 to terminateaccess to the corporate Voice VPN.

In one embodiment, Voice VPN Activator 310 determines User Terminal 380is no longer using the corporate Voice VPN.

In one embodiment, User Terminal 380 is powered off. Voice VPN Activator310 cannot continue communicating with User Terminal 380.

In one embodiment, Voice VPN Activator 310 terminates access to VoiceVPN after not receiving a signal from User Terminal 380 for some timeout period.

In one embodiment, the time out period is over 45 seconds.

In another embodiment, the time period is over 3 minutes. After the timeout period expires Voice VPN Activator 310 terminates access to thecorporate Voice VPN.

After Voice VPN Activator 310 receives a termination request ordetermines the termination of User Terminal 380, Voice VPN Activator 310checks for any corporate voice and communication services in use. Ifthere are any corporate voice and communication service in use, VoiceVPN Activator 310 sends a request to Voice VPN Signaling Mediator 330 toterminate the corporate voice and communication service for thecorporate user.

FIG. 4 illustrates a method of requesting use of corporate phoneservice. In this illustration, the Voice and Communication ServiceServer is a Corporate Phone Service Server 490.

In one embodiment, the corporate phone service is based on Voice overInternet Protocol.

In one embodiment, Corporate Phone Service Server 490 includes a SessionInitiation Protocol (SIP) server and a media gateway.

In a one embodiment, Corporate Phone Service Server 490 is an IP PBX.

In one embodiment Corporate Phone Service Server 490 is a Soft Switch.In the same embodiment, Voice VPN Signaling Mediator 430 includes aSession Initiation Protocol (SIP) user agent that communicates with theSIP server in Corporate Phone Service Server 490. Voice VPN SessionMediator 450 includes a codec module equipped with an IP interface tohandle the Voice over Internet Protocol (VoIP) packets between itselfand Corporate Phone Service Server 490.

FIG. 5 illustrates a method for terminating corporate phone service.User Terminal 580 requests Voice VPN Activator 510 to terminate theusage of the corporate phone service.

In one embodiment, User Terminal 580 terminates the Voice VPN access,indicating its intention to terminate all in-use voice and communicationservices including the corporate phone service.

In one embodiment, Voice VPN Activator 510 determines User Terminal 580is no longer using the corporate phone service, for example, afterdetermining User Terminal 580 is no longer active in Voice VPNcommunication. Voice VPN Activator 510 notifies Voice VPN SignalingMediator 530 of the termination of the corporate phone service by thecorporate user. Voice VPN Signaling Mediator 530 de-registers thecorporate user from Corporate Phone Service Server 590.

In one embodiment, the corporate phone service is always available anddoes not require a notification of service termination.

FIG. 6 illustrates a method for making a phone call according to oneembodiment of the present invention. A corporate user dials a phonenumber of a callee. User Terminal 680 informs Voice VPN SignalingMediator 630 of the callee information which includes the callee phonenumber and the user terminal voice session resource that is used toestablish a voice session with Voice VPN Session Mediator 650. Voice VPNSignaling Mediator 630 requests Voice VPN Session Mediator 650 toreserve a resource that is to be used to establish a corporate sidevoice session, a resource that is to be used to establish a user sidevoice session with User Terminal 680, and a resource to mediate betweenthe two sessions. Voice VPN Signaling Mediator 630 also informs VoiceVPN Session Mediator 650 of the user terminal voice session resource.Voice VPN Session Mediator 650 responds to Voice VPN Signaling Mediator630 with reservations for corporate side voice session resource 675 anduser side voice session resource 673. Voice VPN Signaling Mediator 630responds to user terminal 680 with user side voice session resource 673.

In one embodiment, Voice VPN Session Mediator 650 establishes a userside voice session 685 with User Terminal 680 immediately.

In one embodiment, Voice VPN Session Mediator 650 establishes the userside voice session 685 at a later time. Voice VPN Signaling Mediator 630requests Corporate Phone Service Server 690 to make a phone call to thecallee. The request includes the callee phone number and the corporateside voice session resource 675.

In one embodiment, Voice VPN Signaling Mediator 630 includes a SIP useragent and Corporate Phone Service Server 690 includes a SIP server. Therequest is a SIP INVIT message. This message carries the SDP informationwhich includes the corporate side voice session resource 675, and thecallee information which includes the callee phone number. CorporatePhone Service Server 690 subsequently responds positively to therequest.

In one embodiment, Corporate Phone Service Server 690 responds with aSIP OK message. The response message includes the corporate side peervoice session resource information so that a corporate side voicesession can be established.

In one embodiment, corporate side voice session 695 is between Voice VPNSession Mediator 650 and Corporate Phone Service Server 690.

In one embodiment, the corporate side voice session 695 is between VoiceVPN Session Mediator 650 and a telephone system.

In one embodiment, corporate side voice session 695 is between Voice VPNSession Mediator 650 and a Voice VPN Session Mediator, when the calleeis another corporate user accessing the corporate Voice VPN. Voice VPNSignaling Mediator 630 notifies Voice VPN Session Mediator 650 of thecorporate side peer voice session resource information. Voice VPNSession Mediator 650 establishes corporate side voice session 695.

In one embodiment, Voice VPN Session Mediator 650 establishes the userside voice session 685 with User Terminal 680 at the same time. VoiceVPN Signaling Mediator 630 responds positively to User Terminal 680 ofsuccessful establishment of a phone call. The corporate user can thenconduct the phone conversation with the callee with the reservedresource in Voice VPN Session Mediator 650 that mediates user side voicesession 685 and corporate side voice session 695.

Methods for using other common corporate phone features such as voicemail, consultation hold, call transfer, call trace are illustrated inconjunction with FIG. 6.

Corporate Voice Mail Feature

FIG. 6 also illustrates a method by which a corporate user accesses thecorporate voice mail feature provided by Corporate Phone Service Server690. The corporate user activates this feature at User Terminal 680.User Terminal 680 sends this request to Voice VPN Signaling Mediator 630with the voice mail feature information. Voice VPN Signaling Mediator630 uses this information to establish the corporate side voice sessiontowards Corporate Phone Service Server 690. Signaling Mediator 630 alsoinstructs the Voice VPN Session Mediator 650 to mediate the user sidevoice session and the corporate side voice session. The signaling andsession mediation procedures are the same as making a phone call to aremote peer user as illustrated in FIG. 6. Upon successful sessionestablishment of the user side voice session and the corporate sidevoice session, the corporate user is communicating with the voice mailsystem.

In one embodiment, the voice mail system does not require further userauthentication.

In another embodiment, the voice mail system prompts the corporate userfor user identity information that may include, but is not limited to, apassword or access code. Interaction between the corporate user and thevoice mail system may use mechanisms such as tone detection or voicerecognition. These mechanisms are known to those skilled in the art. Thevoice mail service session may be terminated by the corporate user as inFIG. 8, or by the voice mail system, which is the remote peer user asillustrated in FIG. 7.

Call Waiting Feature

In one embodiment, while the corporate user is in a phone session withthe remote peer user, another remote caller makes a phone call throughCorporate Phone Service Server 690 to the corporate user. CorporatePhone Service Server 690 determines the corporate user is reachablethrough Voice VPN Signaling Mediator 630. Corporate Phone Service Server690 requests a phone call to the corporate user with Voice VPN SignalingMediator 630. In such an embodiment, Voice VPN Signaling Mediator 630supports the Call Waiting feature. Voice VPN Signaling Mediator 630determines that the corporate user is active on a phone session. Itsends a call waiting indication to User Terminal 680 that includesinformation of the remote caller. Corporate user at User Terminal 680receives a call waiting alert and decides to accept the new call. UserTerminal 680 responds to Voice VPN Signaling Mediator 630 to accept thewaiting call. Voice VPN Signaling Mediator 630 communicates withCorporate Phone Service Server 690 to put the original corporate sidevoice session on hold. Voice VPN Session Mediator 650 establishes a newcorporate side voice session with the remote caller as illustrated inthe receiving a phone call method in FIG. 7.

Additionally, Voice VPN Signaling Mediator 630 instructs Voice VPNSession Mediator 650 to mediate the user side voice session and the newcorporate side voice session. While the corporate user is conversingwith the remote caller, the remote peer user is put on hold. Thecorporate user can alternatively converse between the remote peer userand the remote caller by indicating her choices to Voice VPN SignalingMediator 630 via User Terminal 680. Voice VPN Signaling Mediator 630instructs Voice VPN Session Mediator 650 to mediate between the userside voice session and the chosen corporate side voice session.

Call Transfer Feature

In one embodiment, while the corporate user is in a phone session withthe remote peer user, the corporate user wants to transfer the remotepeer user to a new remote peer user. The corporate user selects the calltransfer feature and supplies the phone number of the new remote peeruser. User Terminal 680 sends the call transfer feature selection andthe new remote peer user information to Voice VPN Signaling Mediator630. Voice VPN Signaling Mediator 630 sends the call transfer featureselection and the new remote peer user information to Corporate PhoneService Server 690. When the call transfer method is successfullycompleted, the Corporate Phone Service Server 690 sends a response tothe Voice VPN Signaling Mediator 630 indicating the success of theoperation.

In one embodiment, Voice VPN Signaling Mediator 630 sends the successindication to User Terminal 680. User Terminal 680 drops the phone callas illustrated in the dropping a call by the corporate user method inFIG. 8.

In another embodiment, Corporate Phone Service Server 690 determines todrop the phone call to User Terminal 680 upon successfully transferringthe phone call to the new remote user. Corporate Phone Service Server690 proceeds to drop the phone call, as illustrated by the dropping acall by the remote peer user method in FIG. 9.

Call Recording Feature

In one embodiment, while the corporate user is in a phone session withthe remote peer user, the corporate user wants to record theconversation. The corporate user selects the call recording feature.User Terminal 680 sends the call recording request information to VoiceVPN Signaling Mediator 630.

In one embodiment, Voice VPN Signaling Mediator 630 sends the callrecording request information to Corporate Phone Service Server 690.Corporate Phone Service Server 690 records the phone session.

In one embodiment, Corporate Phone Service Server 690 sends a recordingstart indication to Voice VPN Signaling Mediator 630, which sends therecording start indication to User Terminal 680.

In one embodiment, Voice VPN Signaling Mediator 630 does not send thecall recording request information to Corporate Phone Service Server690. Voice VPN Signaling Mediator 630 instructs Voice VPN SessionMediator 650 to record the phone session.

In one embodiment, Voice VPN Signaling Mediator 630 sends a recordingstart indication to User Terminal 680.

In one embodiment, Voice VPN Signaling Mediator 630 does not send arecording start indication to User Terminal 680. In one embodiment,during the recording of the phone session, Voice VPN Session Mediator650 records the phone session to Data Store 620.

There are other embodiments of this Call Recording feature, for example,to stop the recording by the corporate user. Skilled in the art shouldbe able to apply the same principle to implement this feature.

The foregoing descriptions illustrate methods for handling a number ofcommonly used corporate phone service features. It should be obvious tothose skilled in the art to apply similar methods to handle othercorporate phone service features.

FIG. 7 illustrates a method for receiving a phone call. When a remotecaller makes a phone call through the Corporate Phone Service Server 790to the callee, the corporate user, Corporate Phone Service Server 790determines the corporate user is reachable through Voice VPN SignalingMediator 730. Corporate Phone Service Server 790 requests a phone callto the corporate user with Voice VPN Signaling Mediator 730. The requestincludes the callee information, which includes the callee phone number,and the corporate side peer voice session resource information.

In one embodiment Corporate Phone Service Server 790 includes a SIPserver. The request message is a SIP INVIT message. Voice VPN SignalingMediator 730 matches the callee phone number with all corporate VoiceVPN users who had activated the corporate phone service and determinesthe corporate user as the callee. Voice VPN Signaling Mediator 730requests Voice VPN Session Mediator 750 to reserve a resource that is tobe used to establish a corporate side voice session, a resource that isto be used to establish a user side voice session with User Terminal780, and a resource to mediate between the two sessions. Voice VPNSignaling Mediator 730, in addition, informs Voice VPN Session Mediator750 the corporate side peer voice session resource information. VoiceVPN Session Mediator 750 reserves the resources and responds to VoiceVPN Signaling Mediator 730 with the reserved resource information whichincludes corporate side voice session resource 776 and user side voicesession resource 774.

In one embodiment Voice VPN Signaling Mediator 730 includes a SIP useragent. It responds to the SIP INVIT message with SDP information ofcorporate side voice session resource 776. In such an embodiment, VoiceVPN Session Mediator 750 establishes corporate side voice session 797with the corporate side peer voice session resource information.

In another embodiment, Voice VPN Session Mediator 750 establishescorporate side voice session 797 at a later time. Voice VPN SignalingMediator 730 notifies User Terminal 780 of a phone call request. Thenotification message includes the caller information and user side voiceresource information 774. User Terminal 780 alerts the corporate user ofa phone call request. The corporate user decides to accept the call.User Terminal 780 responds to Voice VPN Signaling Mediator 73 to acceptthe phone call. The response message includes the user terminal voicesession resource information. Voice VPN Signaling Mediator 730 notifiesVoice VPN Session Mediator 750 of the user terminal voice sessionresource information. Voice VPN Session Mediator 750 establishes userside voice session 787 with User Terminal 780.

In one embodiment, Voice VPN Session Mediator 750 also establishes thecorporate side voice session 797 with the corporate side peer voicesession resource information. Voice VPN Signaling Mediator 730 respondspositively to Corporate Phone Service Server 790. The corporate user cannow conduct a phone conversation with the caller with the reservedresource in Voice VPN Session Mediator 750 that mediates user side voicesession 787 and corporate side voice session 797.

FIG. 8 illustrates a method for dropping a phone call by a corporateuser. User Terminal 880 requests Voice VPN Signaling Mediator 830 toterminate a phone call. This request includes the user side voicesession information. Voice VPN Signaling Mediator 830 maps the user sidevoice session information to the corresponding corporate side voicesession. Voice VPN Signaling Mediator 830 sends a request to CorporatePhone Service Server 890 to terminate the phone call. This requestmessage includes the corporate side voice session information. CorporatePhone Service Server 890 responds positively to the request.

In one embodiment Corporate Phone Service Server 890 includes a SIPserver. The request message is a SIP BYE message. Corporate PhoneService Server 890 responds with a SIP OK message. Voice VPN SignalingMediator 830 requests Voice VPN Session Mediator 850 to release thevoice session resources.

In one embodiment Voice VPN Signaling Mediator 830 sends such a requestto Voice VPN Session Mediator 850.

FIG. 9 illustrates a method for dropping a phone call by the remote peeruser. Upon notification of a termination of a phone call by the remotepeer user, Corporate Phone Service Server 990 requests Voice VPNSignaling Mediator 930 to terminate a phone call. The request messageincludes the corporate side voice session information.

In one embodiment, Corporate Phone Service Server 990 includes a SIPserver. The request message is a SIP BYE message. Voice VPN SignalingMediator 930 matches the corporate side voice session information withall active corporate side voice sessions to determine which phone callto terminate. Voice VPN Signaling Mediator 930 notifies User Terminal908 to terminate the phone call.

In one embodiment, Voice VPN Signaling Mediator 930 does not inform UserTerminal 980 of the phone call termination. User Terminal 980 detectsinactivity of user side voice session 989 to determine the phone call isterminated.

In one embodiment, User Terminal 980 detects that the user side voicesession 989 is disconnected, and determines the phone call isterminated.

In one embodiment, the corporate user detects inactivity of the remotepeer user and determines the phone call is terminated. Voice VPNSignaling Mediator 930 requests Voice VPN Session Mediator 950 torelease the voice session resources. Voice VPN Session Mediator 950terminates corporate side voice session 999 and user side voice session989. Voice VPN Signaling Mediator 930 responds positively to CorporatePhone Service Server 990.

In one embodiment Corporate Phone Service Server 990 includes a SIPserver. The response message is a SIP OK message.

In an embodiment, Voice VPN Signaling Mediator 930 responds to CorporatePhone Service Server 990 before requesting Voice VPN Session Mediator950 to release the voice session resources.

FIG. 10 illustrates a method for retrieving a corporate phone directory.User Terminal 1080 requests the corporate phone directory from Voice VPNSignaling Mediator 1030. Voice VPN Signaling Mediator 1030 requests thecorporate phone directory from Corporate Phone Service Server 1090.Corporate Phone Service Server 1090 responds with the corporate phonedirectory. Voice VPN Signaling Mediator 1030 formats the information,and responds to User Terminal 1080 with the corporate phone directory.

In the forgoing descriptions of various possible embodiments of thepresent invention, the remote peer party is a corporate voice serviceuser inside the realm of the corporate voice network, another Voice VPNuser, or a user connected to the corporate network via other networkssuch as PSTN. The illustrations of the inventions are not limiting tothe illustrated corporate phone service. Those skilled in the art shouldbe able to apply the principles of the present invention to othercorporate phone service features, as well as other voice andcommunication services.

Foregoing described embodiments of the invention are provided asillustrations and descriptions. They are not intended to limit theinvention to precise form described. In particular, it is contemplatedthat functional implementation of invention described herein may beimplemented equivalently in hardware, software, firmware, and/or otheravailable functional components or building blocks, and that networksmay be wired, wireless, or a combination of wired and wireless. Othervariations and embodiments are possible in light of above teachings, andit is thus intended that the scope of invention not be limited by thisDetailed Description, but rather by Claims following.

What is claimed is:
 1. A voice network, comprising: a voice virtualprivate network (VPN); a server within the voice VPN for providingcorporate voice calls within the voice VPN; a user terminal external tothe voice VPN and directly coupled to a public network; and a voice VPNgateway coupled to the server via the voice VPN and coupled to the userterminal via the public network, wherein the voice VPN gateway: receivesa registration request from the user terminal to receive corporate voicecalls within the voice VPN, and sends user terminal information to theserver to activate the user terminal; wherein the server: receives theuser terminal information from the voice VPN gateway; receives acorporate voice call to the user terminal from a caller, and sends tothe voice VPN gateway a first request for the voice call to the userterminal; wherein the voice VPN gateway comprises a voice VPN signalingmediator and a voice VPN session mediator, wherein the voice VPNsignaling mediator: receives the first request for the voice call to theuser terminal from the server, and sends a second request to the voiceVPN session mediator to reserve resources at the voice VPN sessionmediator for the voice call, wherein the voice VPN session mediator: inresponse to receiving the second request from the voice VPN signalingmediator, reserves the resources for voice call, establishes with theserver a server side voice session associated with the voice call usingthe resources reserved for the voice call, establishes with the userterminal the user side voice session associated with the voice callusing the resources reserved for the voice call, and mediates voicesignals of the voice call between the user side voice session and theserver side voice session using the resources reserved for the voicecall.
 2. The network of claim 1, wherein the public network is a publictelephony network.
 3. The network of claim 1, wherein the public networkis an Internet.
 4. The network of claim 1, wherein the public network isan extranet.
 5. The network of claim 1, wherein the voice VPN gateway iscoupled to the server over the server side voice session and is coupledto the user terminal over the user side voice session simultaneouslywith the server side voice session, wherein the voice VPN gatewaymediates between the user side voice session and the server side voicesession.
 6. The network of claim 1, wherein the voice VPN sessionmediator establishes the server side voice session using a server sidevoice session resource, establishes the user side voice session using auser side voice session resource, and mediates the voice signals of thevoice call between the user side voice session and the server side voicesession using a resource for mediating.
 7. The network of claim 1,wherein the voice VPN gateway encrypts the voice signals in the userside voice session.
 8. The network of claim 1, wherein the first requestfor the voice call to the user terminal comprises callee information,wherein in response to receiving the request for the voice call to theuser terminal, the voice VPN signaling mediator further: matches thecallee information with a particular user of the user terminal,determines that the particular user is activated to receive voice callswithin the voice VPN at the user terminal, and in response todetermining that the particular user is activated to receive voice callswithin the voice VPN at the user terminal, sending the second request tothe voice VPN session mediator to reserve the resources at the voice VPNsession mediator for the voice call.
 9. The network of claim 1, whereinthe voice call is to a corporate phone number associated with the userterminal information.
 10. The voice network of claim 1, wherein thefirst request comprises a SIP message, wherein the voice VPN signalingmediator comprises a SIP module for responding to the SIP message. 11.The voice network of claim 1, wherein the server: receives a secondcorporate voice call to the user terminal from a second caller, andsends to the voice VPN gateway a third request for the second voice callto the user terminal, wherein the voice VPN signaling mediator:determines that the user terminal is actively on the voice call, sends acall waiting indication to the user terminal, receives from the userterminal an acceptance of the second voice call, and communicates withthe server to place the server side voice session on hold, wherein thevoice VPN session mediator: establishes a second server side voicesession with the server, and mediates second voice signals of the secondvoice call between the user side voice session and the second serverside voice session.
 12. A method for providing access to corporate voiceservices provided within a voice virtual private network (VPN),comprising: (a) receiving, by a voice VPN gateway coupled to a serverwithin the voice VPN, a registration request from a user terminal toreceive corporate voice calls within the voice VPN, the user terminalbeing external to the voice VPN and directly coupled to a publicnetwork, the voice VPN gateway being coupled to the user terminal viathe public network; (b) sending by the VPN gateway user terminalinformation to the server within the voice VPN to activate the userterminal; (c) receiving, from the server by a voice VPN signalingmediator of the voice VPN gateway, a first request for a corporate voicecall to the user terminal from a caller; (d) sending, from the voice VPNsignaling mediator to a voice VPN session mediator of the voice VPNgateway, a second request to reserve resources at the voice VPN sessionmediator for the voice call; (e) in response to receiving the secondrequest from the voice VPN signaling mediator, reserving the resourcesfor the voice call by the voice VPN session mediator; (f) establishingwith the user terminal by the voice VPN session mediator a user sidevoice session associated with the voice call using the resourcesreserved for the voice call; (g) establishing with the server by thevoice VPN session mediator a corporate side voice session associatedwith the voice call using the resources reserved for the voice call; and(h) mediating voice signals of the voice call between the user sidevoice session and the server side voice session by the voice VPN sessionmediator using the resources reserved for the voice call.
 13. The methodof claim 12, wherein the public network is a public telephony network.14. The method of claim 12, wherein the public network is an Internet.15. The method of claim 12, wherein the public network is an extranet.16. The method of claim 12, wherein the voice VPN gateway issimultaneously coupled to the user terminal over the user side voicesession and the server over the server side voice session.
 17. Themethod of claim 12, wherein the establishing (f), the establishing (g)and the mediating (h) comprises: (f1) establishing by the voice VPNsession mediator the user side voice session using a user side voicesession resource; (g1) establishing by the voice VPN session mediatorthe server side voice session using a server side voice sessionresource; and (h1) mediating by the voice VPN session mediator betweenthe user side voice session and the server side voice session using aresource for mediating.
 18. The method of claim 12, wherein themediating (h) further comprises: (h1) encrypting by the voice VPNgateway the voice signals in the user side voice session.
 19. The methodof claim 12, wherein the voice call is to a corporate phone numberassociated with the user terminal information.
 20. A computer programproduct comprising a computer useable non-transitory storage mediumhaving a computer readable program, wherein when the computer readableprogram is executed by a computer, causes the computer to: (a) receive,by a voice VPN gateway, a registration request from a user terminal toreceive corporate voice calls within the voice VPN, the user terminalbeing external to the voice VPN and directly coupled to a publicnetwork, the voice VPN gateway being coupled to the user terminal viathe public network; (b) send by the VPN gateway user terminalinformation to a server within the voice VPN to activate the userterminal; (c) receive, from the server by a voice VPN signaling mediatorof the voice VPN gateway, a first request for a corporate voice call tothe user terminal from a caller; (d) send, from the voice VPN signalingmediator to a voice VPN session mediator of the voice VPN gateway, asecond request to reserve resources at the voice VPN session mediatorfor the voice call; (e) in response to receiving the second request fromthe voice VPN signaling mediator, reserve the resources for the voicecall by the voice VPN session mediator; (f) establish with the userterminal by the VPN session mediator a user side voice sessionassociated with the voice call using the resources reserved for thevoice call; (g) establish with the server by the voice VPN sessionmediator a server side voice session associated with the voice callusing the resources reserved for the voice call; and (h) mediate voicesignals of the voice call between the user side voice session and theserver side voice session by the voice VPN session mediator using theresources reserved for the voice call.
 21. A voice virtual privatenetwork (VPN) gateway, comprising: a voice VPN activator for: receivinga registration request from a user terminal to receive corporate voicecalls within the voice VPN, the user terminal being external to thevoice VPN and coupled to the voice VPN gateway via a public network, theuser terminal being and coupled directly to the public network;retrieving user terminal information in response to the registrationrequest; and sending the user terminal information to a voice VPNsignaling mediator of the voice VPN gateway; the voice VPN signalingmediator for: receiving the user terminal information from the voice VPNactivator; sending the user terminal information to a server within thevoice VPN to activate the user terminal to receive the corporate voicecalls within the voice VPN; receiving from the server a first requestfor a corporate voice call to the user terminal from a caller; andsending a second request to a voice VPN session mediator of the voiceVPN gateway to reserve resources at the voice VPN session mediator forthe corporate voice call; and the voice VPN session mediator for: inresponse to receiving from the voice VPN signaling mediator the secondrequest caller, reserving the resources for the corporate voice call;establishing with the server a server side voice session associated withthe corporate voice call using the resources reserved for the corporatevoice call; establishing with the user terminal a user side voicesession associated with the corporate voice call using the resourcesreserved for the corporate voice call; and mediating voice signals ofthe corporate voice call between the user side voice session and theserver side voice session using the resources reserved for the corporatevoice call.
 22. The gateway of claim 21, wherein the voice VPN signalingmediator returns to the user terminal a user side voice sessionresource, wherein the voice VPN session mediator establishes the userside voice session with the user terminal using the user side voicesession resource.
 23. The gateway of claim 21, wherein the voice VPNsession mediator establishes the server side voice session with theserver using a server side voice session resource.
 24. The VPN gatewayof claim 21, wherein the voice VPN activator is further for requestingauthentication by the server of the registration request from the userterminal.